Harbor
1、架构
2、安装依赖
2.1 硬件
https://goharbor.io/docs/2.10.0/install-config/installation-prereqs/
4C8G 160Gi磁盘
2.2 软件
docker
docker-compose
openssl
3、安装
3.1 做lvm
1、查看硬盘
lsblk
2、创建pv
pvcreate /dev/sdb
3、创建vg
vgcreate harbor /dev/sdb
4、创建lv
lvcreate -L 199G -n harbor harbor
5、格式化
mkfs.xfs /dev/harbor/harbor
6、挂载
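# mount(8) needs an existing mount point, and nothing earlier on this page
# creates /data/harbor, so create it first (-p: no error if it already exists).
mkdir -p /data/harbor &&
  mount /dev/harbor/harbor /data/harbor/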
7、永久挂载
vi /etc/fstab
/dev/harbor/harbor /data/harbor/ xfs defaults 0 1
3.2 安装软件
3.2.1 docker
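#!/bin/bash
# Install the static Docker 19.03.15 binaries from a local tarball and register
# containerd, docker.socket and docker.service with systemd. Run as root.
#
# NOTE(review): check docker-19.03.15.tgz against a checksum obtained from the
# place it was downloaded from before running this; every file in the archive
# is copied into /usr/bin and later executed as root. Docker 19.03 no longer
# receives upstream security fixes, so prefer a supported release if you can.
set -euo pipefail

# Stop at the first failed step. Without this, a failed `cd` would let the cp
# below copy whatever sits in the current directory into /usr/bin.
cd /usr/local/src
tar xf docker-19.03.15.tgz
cd docker
cp -- ./* /usr/bin/

# Anyone in the docker group can drive /var/run/docker.sock, which is
# equivalent to root on this host; keep membership of this group minimal.
# The existence checks make the script safe to run a second time.
getent group docker >/dev/null || groupadd docker
id -u docker >/dev/null 2>&1 || useradd docker -g docker

cd /lib/systemd/system

# The here-document delimiters are quoted ('EOF') so the shell writes the unit
# text literally instead of expanding anything that looks like a variable.
tee containerd.service <<'EOF'
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
EOF

# SocketMode=0660 with SocketGroup=docker is what restricts API access to root
# and the docker group; do not loosen it.
tee docker.socket <<'EOF'
[Unit]
Description=Docker Socket for the API
[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF

# With an unquoted delimiter the shell would replace $MAINPID with an empty
# string, leaving "ExecReload=/bin/kill -s HUP" with no PID in the unit file.
# systemd must receive the literal $MAINPID and substitute it at reload time.
tee docker.service <<'EOF'
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket containerd.service
[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
OOMScoreAdjust=-500
[Install]
WantedBy=multi-user.target
EOF

# Reload so a re-run picks up edited unit files, then bring the units up in
# dependency order: docker.service Requires= the other two.
systemctl daemon-reload
systemctl enable --now containerd
systemctl enable --now docker.socket
systemctl enable --now docker.service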
3.2.2 docker-compose
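# Fetch the Compose v2.23.3 binary together with the .sha256 file published
# beside it on the release page, and only make it executable if the digest
# matches. A checksum served from the same origin catches a corrupted or
# truncated download, not a tampered release; compare against a hash obtained
# out of band if that is part of your threat model.
compose_url=https://github.com/docker/compose/releases/download/v2.23.3/docker-compose-linux-x86_64
wget -c "$compose_url" "$compose_url.sha256" &&
  sha256sum -c docker-compose-linux-x86_64.sha256 &&
  chmod a+x docker-compose-linux-x86_64 &&
  mv docker-compose-linux-x86_64 docker-compose
# NOTE(review): the binary is left in the current directory, as in the original
# steps. The later ./install.sh step presumably has to find `docker-compose` on
# PATH, so run this from (or move the file to) a root-owned directory on PATH.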
3.3 下载离线安装包
https://github.com/goharbor/harbor/releases
3.4 安装步骤
3.4.2 生成https证书文件
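# Create a private CA and a server certificate for Harbor in /root/harbor/certs,
# the directory that harbor.yml points at. The original steps created the
# directory but never changed into it, so the files landed in the current
# directory instead.
#
# Everything runs in a subshell so that `set -e`, the umask and the cd do not
# leak into the interactive session. `openssl req` prompts for the subject.
#
# Names placed in [alt_names] below (translated from the author's notes):
#   DNS.1  the domain name that will be used to reach Harbor
#   DNS.3  the `hostname` value from harbor.yml
# The notes were originally written inside the value itself, which would have
# put the annotation text into the certificate as part of the DNS name.
#
# NOTE(review): ca.key is written unencrypted and can sign a certificate for
# any name that clients trusting ca.crt will accept. Keep it off the registry
# host once the server certificate is issued. 3650 days is a long lifetime for
# a server certificate; shorten it outside a lab setup.
(
  set -e
  umask 077 # private keys are created readable by root only
  mkdir -p /root/harbor/certs
  cd /root/harbor/certs

  # Certificate authority: key and self-signed root certificate.
  openssl genrsa -out ca.key 4096
  openssl req -x509 -new -nodes -sha512 -days 3650 -key ca.key -out ca.crt

  # Server key and certificate signing request.
  openssl genrsa -out quanheng.com.key 4096
  openssl req -sha512 -new -key quanheng.com.key -out quanheng.com.csr

  # X.509 v3 extensions: end-entity (not a CA), server authentication only.
  cat > v3.ext <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = quanheng1.com
DNS.2 = quanheng
DNS.3 = harbor1
EOF

  openssl x509 -req -sha512 -days 3650 -CA ca.crt -extfile v3.ext -CAkey ca.key -CAcreateserial -in quanheng.com.csr -out quanheng.com.crt

  # Certificates are public; only the *.key files need to stay private.
  chmod 644 ca.crt quanheng.com.crt
)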
3.4.1 配置
tar xf harbor-offline-installer-v2.5.0.tgz
vim /etc/hosts
参考链接https://goharbor.io/docs/2.5.0/install-config/configure-yml-file/
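# harbor.yml excerpt. The nesting is restored here: port, certificate and
# private_key are children of http/https, and password is a child of database.

# The domain name used to log in later. It must also be listed in the server
# certificate's subjectAltName, or clients will reject the TLS connection.
hostname: quanheng1.com

http:
  port: 80

https:
  port: 443
  certificate: /root/harbor/certs/quanheng.com.crt
  private_key: /root/harbor/certs/quanheng.com.key

# Placeholder: set a long, unique password before the first start. Harbor only
# applies this value at first launch; change it in the UI afterwards. A guessable
# admin password lets anyone who can reach the UI push or replace images.
harbor_admin_password: "CHANGE_ME_ADMIN_PASSWORD"

database:
  # Placeholder: use a different strong password from the admin one.
  password: "CHANGE_ME_DB_PASSWORD"

data_volume: /data/harbor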
3.5 启动
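# Docker looks for per-registry trust material in
# /etc/docker/certs.d/<registry host>/ (note "certs.d", not "cert.d"). A
# directory with any other name is ignored, and the login in section 4 then
# fails certificate verification. The directory name must equal the host used
# in `docker login`, i.e. `hostname` in harbor.yml. The original steps used
# quanheng.com, which does not match the configured hostname quanheng1.com.
registry_host=quanheng1.com

# Docker treats every *.crt file in that directory as a trusted CA root.
# Installing the signing CA's ca.crt there is the usual alternative to copying
# the server certificate itself.
./prepare &&
  mkdir -p "/etc/docker/certs.d/${registry_host}" &&
  cp /root/harbor/certs/quanheng.com.crt "/etc/docker/certs.d/${registry_host}/" &&
  systemctl restart docker &&
  ./install.sh --with-trivy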
notary 认证
trivy 扫描
chartmuseum helm模块
4、测试
4.1 服务器登录测试
root@harbor1:~/harbor/harbor
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/
Login Succeeded
4.2 页面访问测试
4.3 镜像上传测试